Asus System Control Interface
Monthly
Local privilege escalation in ASUS System Control Interface allows an authenticated low-privileged user to gain SYSTEM-level code execution by issuing a crafted RPC call that bypasses the component's validation logic. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed over RPC, and no public exploit identified at time of analysis. CVSS 4.0 scores it 7.3 with high attack complexity, indicating exploitation is non-trivial but yields full host compromise.
Out-of-bounds read in ASUS System Control Interface IOCTL handler allows local authenticated users to trigger denial of service via oversized read operations. A local user with limited privileges can supply a read size exceeding the allocated buffer, causing a system crash (BSOD). No public exploit code or active exploitation has been confirmed at this time.
Local privilege escalation in ASUS System Control Interface allows an authenticated low-privileged user to gain SYSTEM-level code execution by issuing a crafted RPC call that bypasses the component's validation logic. The flaw stems from incorrect permission assignment (CWE-732) on a critical resource exposed over RPC, and no public exploit identified at time of analysis. CVSS 4.0 scores it 7.3 with high attack complexity, indicating exploitation is non-trivial but yields full host compromise.
Out-of-bounds read in ASUS System Control Interface IOCTL handler allows local authenticated users to trigger denial of service via oversized read operations. A local user with limited privileges can supply a read size exceeding the allocated buffer, causing a system crash (BSOD). No public exploit code or active exploitation has been confirmed at this time.